Reject unencrypted messages

2011-01-06 Thread IT geek 31
My accountant and I both have digital certificates and most of the time encrypt our mails. But he often forgets, meaning sensitive information is sent in plaintext. Is there any way to instruct Postfix to reject his mail unless it is encrypted? I know I can setup TLS, but that is something I do

Re: Reject unencrypted messages

2011-01-06 Thread Ansgar Wiechers
On 2011-01-06 IT geek 31 wrote: > My accountant and I both have digital certificates and most of the > time encrypt our mails. But he often forgets, meaning sensitive > information is sent in plaintext. > > Is there any way to instruct Postfix to reject his mail unless it is > encrypted? > > I k

Permissions in a multiple instance setup

2011-01-06 Thread Ralf Hildebrandt
How can I check & correct the permissions (especially on $queue_dir/maildrop and $queue_dir/public) using postmulti? -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30

RE: Change error messages returned by Postfix

2011-01-06 Thread Mark Scholten
> > Le 04/01/2011 22:24, Noel Jones a écrit : > > On 1/4/2011 3:04 PM, pf at alt-ctrl-del.org wrote: > >> > >> I'm trying to stop the chain of: > >> Sender calls recipient, recipient calls their tech, > >> recipient's tech calls me... Then I tell them to contact the > >> sender's admin... Then the

Re: Change error messages returned by Postfix

2011-01-06 Thread Wietse Venema
This is the current implementation of "reject" footer messages. Wietse smtpd_reject_contact_information (default: empty) Optional contact information that is appended after each SMTP server 4XX or 5XX response. Example: /etc/postfix/main.cf: smt

Re: Permissions in a multiple instance setup

2011-01-06 Thread Wietse Venema
Ralf Hildebrandt: > How can I check & correct the permissions (especially on > $queue_dir/maildrop and $queue_dir/public) using postmulti? postfix set-permissions postfix upgrade-configuration These work on all instances that have multi-instance management enabled (postmulti -e enable -i instance

Re: verify db with mysql

2011-01-06 Thread Stefan Jakobs
On Thursday 06 January 2011 01:45:00 Victor Duchovni wrote: > On Wed, Jan 05, 2011 at 06:56:31PM -0500, Wietse Venema wrote: > > Each verify or postscreen or tlsmgr process will at set times > > scan the database for old entries. > > > > If it so happens that this scan doesn't finish before the n

smptd trivial-rewrite daemons and ldap checking

2011-01-06 Thread postfix
Hi all Postfix version = 2.5.5 I apply a ldap filter to check senders and a ldap filter for the recipients route. I have the following warnings in the postfix logs when the filters fail both due to a ldap size limit exceeded. agu-fe postfix/trivial-rewrite[30723]: warning: dict_ldap_lookup: Sea

Re: Reject unencrypted messages

2011-01-06 Thread IT geek 31
I am talking about the mail content, and I'm using S/MIME. Yes, I'm sure the accountant will never send me unencrypted mail. Thanks, On 6 January 2011 14:25, Ansgar Wiechers wrote: > On 2011-01-06 IT geek 31 wrote: >> My accountant and I both have digital certificates and most of the >> time

Re: Reject unencrypted messages

2011-01-06 Thread Tom Hendrikx
On 06/01/11 20:06, IT geek 31 wrote: > I am talking about the mail content, and I'm using S/MIME. > > Yes, I'm sure the accountant will never send me unencrypted mail. > > Thanks, > > > > On 6 January 2011 14:25, Ansgar Wiechers wrote: >> On 2011-01-06 IT geek 31 wrote: >>> My accountant and

Re: Reject unencrypted messages

2011-01-06 Thread IT geek 31
>> On 6 January 2011 14:25, Ansgar Wiechers wrote: >>> On 2011-01-06 IT geek 31 wrote: My accountant and I both have digital certificates and most of the time encrypt our mails.  But he often forgets, meaning sensitive information is sent in plaintext. Is there any way to

Upgrade from Postfix 2.2.10 to 2.7.2 - Timeout problems in lmtp

2011-01-06 Thread Steve Cooper
Hi- We upgraded to a much newer version of Postfix, and have one stubborn problem I can't seem to fix. Any help would be much appreciated. RedHat Linux ES4 Were using RH's postfix: postfix-2.2.10-1.2.1.el4_7 Downloaded source for 2.7.2. Built, and did a make upgrade. Everything appears to work

Re: Reject unencrypted messages

2011-01-06 Thread Jerry
On Thu, 6 Jan 2011 19:21:56 + IT geek 31 articulated: > I think you've nailed it there Tom - I'm trying to teach better > etiquette. Ideally I'd like a plugin for his mail client (Outlook) > that automatically detects the recipient (me) and encrypts the mail, > but I have been unavailable to

Re: Upgrade from Postfix 2.2.10 to 2.7.2 - Timeout problems in lmtp

2011-01-06 Thread Victor Duchovni
On Thu, Jan 06, 2011 at 11:41:28AM -0800, Steve Cooper wrote: > Here's the line from our trans.exp file: > >/^om_.*/ lmtp:inet:opus.allegro.com:24 > > And, the corresponding line in main.cf: > >transport_maps = regexp:/etc/postfix/trans.exp > > This all worked fine with the old ve

Re: Upgrade from Postfix 2.2.10 to 2.7.2 - Timeout problems in lmtp

2011-01-06 Thread Wietse Venema
Steve Cooper: > 8A30B52465235124 Thu Jan 6 11:08:31 g...@wti.com > (conversation with opus.allegro.com[10.84.2.10] timed out while > sending end of data -- message may be sent more than once) > o...@allegro.com >

RE: Upgrade from Postfix 2.2.10 to 2.7.2 - Timeout problems in lmtp - FIXED!

2011-01-06 Thread Steve Cooper
> On Thu, Jan 06, 2011 at 11:41:28AM -0800, Steve Cooper wrote: > > > Here's the line from our trans.exp file: > > > >/^om_.*/ lmtp:inet:opus.allegro.com:24 > > > > And, the corresponding line in main.cf: > > > >transport_maps = regexp:/etc/postfix/trans.exp > > > > This all worke

Re: Reject unencrypted messages

2011-01-06 Thread IT geek 31
On 6 January 2011 19:49, Jerry wrote: > On Thu, 6 Jan 2011 19:21:56 + > IT geek 31 articulated: > >> I think you've nailed it there Tom - I'm trying to teach better >> etiquette.  Ideally I'd like a plugin for his mail client (Outlook) >> that automatically detects the recipient (me) and encr

Re: verify db with mysql

2011-01-06 Thread Victor Duchovni
On Thu, Jan 06, 2011 at 04:56:48PM +0100, Stefan Jakobs wrote: > > In this case, it is not as critical to set such a flag, but it is important > > to allow the existing scan to continue to completion, and ignore or > > (just note) new requests until it does. Once a scan completes, new > > scans ca

Re: Reject unencrypted messages

2011-01-06 Thread lst_hoe02
Zitat von IT geek 31 : On 6 January 2011 19:49, Jerry wrote: On Thu, 6 Jan 2011 19:21:56 + IT geek 31 articulated: I think you've nailed it there Tom - I'm trying to teach better etiquette.  Ideally I'd like a plugin for his mail client (Outlook) that automatically detects the recipient

Site Rolling Archive Advice?

2011-01-06 Thread Bob Proulx
I am helping a school and they have told me they need to keep an archive of all email through the site for a short period of time. They also need to delete email after a period of time. In the mean time this email needs to be available for review by authorized persons. (In practice actually doing

Re: Site Rolling Archive Advice?

2011-01-06 Thread Ralf Hildebrandt
* Bob Proulx : > I am helping a school and they have told me they need to keep an > archive of all email through the site for a short period of time. > They also need to delete email after a period of time. In the mean > time this email needs to be available for review by authorized > persons. (I

Re: Change error messages returned by Postfix

2011-01-06 Thread mouss
Le 06/01/2011 16:30, Wietse Venema a écrit : > This is the current implementation of "reject" footer messages. Wietse, thanks infinitely (and I forgot to say it before: happy new year, best wishes and "bonne santé"!). > > Wietse > > smtpd_reject_contact_information (default: empty) >

Re: Reject unencrypted messages

2011-01-06 Thread mouss
Le 06/01/2011 21:01, IT geek 31 a écrit : > [snip] > > Outlook is all-or-nothing - it can force encryption for all > recipients, regardless if they have a certificate or not, or none at > all. > AFAIK, it has no way of determining if a recipient has a certificate > and if so forcing encryption. >

Re: Site Rolling Archive Advice?

2011-01-06 Thread Noel Jones
On 1/6/2011 3:31 PM, Ralf Hildebrandt wrote: * Bob Proulx: I am helping a school and they have told me they need to keep an archive of all email through the site for a short period of time. They also need to delete email after a period of time. In the mean time this email needs to be available

Re: DSN action code "expanded" with lmtp_assume_final=yes

2011-01-06 Thread lst_hoe02
Zitat von Victor Duchovni : On Thu, Dec 23, 2010 at 02:39:23PM +0100, lst_ho...@kwsoft.de wrote: To summarize: DSN as of RFC 3461 is only recommended as internal status indicator for message relayed out of the own scope. End-to-end status is neither supported nor technically possible at the

Re: DSN action code "expanded" with lmtp_assume_final=yes

2011-01-06 Thread Victor Duchovni
On Thu, Jan 06, 2011 at 11:16:25PM +0100, lst_ho...@kwsoft.de wrote: >> How was end-to-end DSN potentially (more) useful for you? In most cases >> once mail is accepted by an MX host, the next few delivery steps are >> reliable. If the mail does not then bounce, it is either delivered or >> quaran

Re: Reject unencrypted messages

2011-01-06 Thread IT geek 31
> If you really like to do you might use header_checks to detect the > Content-Type. Signed mail for example has "Content-Type: multipart/signed". > For header_checks have a look here > http://www.postfix.org/header_checks.5.html, but be aware that the content > has already leaked as others said. I

Re: Site Rolling Archive Advice?

2011-01-06 Thread Victor Duchovni
On Thu, Jan 06, 2011 at 04:04:42PM -0600, Noel Jones wrote: > On 1/6/2011 3:31 PM, Ralf Hildebrandt wrote: >> * Bob Proulx: >>> I am helping a school and they have told me they need to keep an >>> archive of all email through the site for a short period of time. >>> They also need to delete email

Re: smptd trivial-rewrite daemons and ldap checking

2011-01-06 Thread Victor Duchovni
On Thu, Jan 06, 2011 at 06:15:00PM +0100, postfix wrote: > I apply a ldap filter to check senders and a ldap filter for the > recipients route. > I have the following warnings in the postfix logs when the filters fail > both due to a ldap size limit exceeded. > > agu-fe postfix/trivial-rewrite[30

smtp_fallback_relay and Sender Reputation

2011-01-06 Thread Steve Jenkins
We're exploring the possibility of using smtp_fallback_relay as a way to offload re-delivery attempts of deferred mails when we send our weekly newsletter to 700K+ recipients. >From the docs at http://www.postfix.org/postconf.5.html#smtp_fallback_relay, here's how I understand this would work: 1)

Re: smtp_fallback_relay and Sender Reputation

2011-01-06 Thread Victor Duchovni
On Thu, Jan 06, 2011 at 04:52:29PM -0800, Steve Jenkins wrote: > We're exploring the possibility of using smtp_fallback_relay as a way to > offload re-delivery attempts of deferred mails when we send our weekly > newsletter to 700K+ recipients. A good idea for mailings of this scale. > 3) fallba

Re: smtp_fallback_relay and Sender Reputation

2011-01-06 Thread Wietse Venema
Victor Duchovni: > Yes. > > > 2) Am I accurate in assuming that smtp.receivingdomain.com will see delivery > > attempts from both IP addresses for mailer.sendingdomain.com and > > fallbackmailer.sendingdomain.com, and therefore I will need to manage the > > Sender Reputations of both IPs, make sur

my postfix mail server sending spam mail out

2011-01-06 Thread Makara
Hi All, I'm plesk control panel administrator. In this few days I found there are many deferred message in mailq and I know that hosting server is sending hug spam message out. Here is the log from postfix. Jan 6 09:01:27 hosting postfix/pickup[17047]: 5606D841517: uid=48 from= Jan 6 09:01:27 h

Re: my postfix mail server sending spam mail out

2011-01-06 Thread Dennis Carr
On Fri, 7 Jan 2011, Makara wrote: Hi All, I'm plesk control panel administrator. In this few days I found there are many deferred message in mailq and I know that hosting server is sending hug spam message out. Here is the log from postfix. Turn up the log deg level a bit and it will show the

Re: my postfix mail server sending spam mail out

2011-01-06 Thread Noel Jones
On 1/6/2011 9:41 PM, Makara wrote: Hi All, I'm plesk control panel administrator. In this few days I found there are many deferred message in mailq and I know that hosting server is sending hug spam message out. Here is the log from postfix. Jan 6 09:01:27 hosting postfix/pickup[17047]: 5606D8